{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-50475", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-10-04T15:13:33.467Z", "datePublished": "2025-10-04T15:16:36.235Z", "dateUpdated": "2026-05-11T19:20:12.658Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T19:20:12.658Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Make sure \"ib_port\" is valid when access sysfs node\n\nThe \"ib_port\" structure must be set before adding the sysfs kobject,\nand reset after removing it, otherwise it may crash when accessing\nthe sysfs node:\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n Mem abort info:\n ESR = 0x96000006\n Exception class = DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n Data abort info:\n ISV = 0, ISS = 0x00000006\n CM = 0, WnR = 0\n user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000e85f5ba5\n [0000000000000050] pgd=0000000848fd9003, pud=000000085b387003, pmd=0000000000000000\n Internal error: Oops: 96000006 [#2] PREEMPT SMP\n Modules linked in: ib_umad(O) mlx5_ib(O) nfnetlink_cttimeout(E) nfnetlink(E) act_gact(E) cls_flower(E) sch_ingress(E) openvswitch(E) nsh(E) nf_nat_ipv6(E) nf_nat_ipv4(E) nf_conncount(E) nf_nat(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) mst_pciconf(O) ipmi_devintf(E) ipmi_msghandler(E) ipmb_dev_int(OE) mlx5_core(O) mlxfw(O) mlxdevm(O) auxiliary(O) ib_uverbs(O) ib_core(O) mlx_compat(O) psample(E) sbsa_gwdt(E) uio_pdrv_genirq(E) uio(E) mlxbf_pmc(OE) mlxbf_gige(OE) mlxbf_tmfifo(OE) gpio_mlxbf2(OE) pwr_mlxbf(OE) mlx_trio(OE) i2c_mlxbf(OE) mlx_bootctl(OE) bluefield_edac(OE) knem(O) ip_tables(E) ipv6(E) crc_ccitt(E) [last unloaded: mst_pci]\n Process grep (pid: 3372, stack limit = 0x0000000022055c92)\n CPU: 5 PID: 3372 Comm: grep Tainted: G D OE 4.19.161-mlnx.47.gadcd9e3 #1\n Hardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS BlueField:3.9.2-15-ga2403ab Sep 8 2022\n pstate: 40000005 (nZcv daif -PAN -UAO)\n pc : hw_stat_port_show+0x4c/0x80 [ib_core]\n lr : port_attr_show+0x40/0x58 [ib_core]\n sp : ffff000029f43b50\n x29: ffff000029f43b50 x28: 0000000019375000\n x27: ffff8007b821a540 x26: ffff000029f43e30\n x25: 0000000000008000 x24: ffff000000eaa958\n x23: 0000000000001000 x22: ffff8007a4ce3000\n x21: ffff8007baff8000 x20: ffff8007b9066ac0\n x19: ffff8007bae97578 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000\n x15: 0000000000000000 x14: 0000000000000000\n x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000\n x9 : 0000000000000000 x8 : ffff8007a4ce4000\n x7 : 0000000000000000 x6 : 000000000000003f\n x5 : ffff000000e6a280 x4 : ffff8007a4ce3000\n x3 : 0000000000000000 x2 : aaaaaaaaaaaaaaab\n x1 : ffff8007b9066a10 x0 : ffff8007baff8000\n Call trace:\n hw_stat_port_show+0x4c/0x80 [ib_core]\n port_attr_show+0x40/0x58 [ib_core]\n sysfs_kf_seq_show+0x8c/0x150\n kernfs_seq_show+0x44/0x50\n seq_read+0x1b4/0x45c\n kernfs_fop_read+0x148/0x1d8\n __vfs_read+0x58/0x180\n vfs_read+0x94/0x154\n ksys_read+0x68/0xd8\n __arm64_sys_read+0x28/0x34\n el0_svc_common+0x88/0x18c\n el0_svc_handler+0x78/0x94\n el0_svc+0x8/0xe8\n Code: f2955562 aa1603e4 aa1503e0 f9405683 (f9402861)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/core/sysfs.c"], "versions": [{"version": "d8a5883814b9f7c08d7ff291070687d925b4f859", "lessThan": "f981c697b2f9bd5dd2f060e47ff8b5e0a2cd0c06", "status": "affected", "versionType": "git"}, {"version": "d8a5883814b9f7c08d7ff291070687d925b4f859", "lessThan": "ac7a7d7079124f46180714b2d41a1703d37101bb", "status": "affected", "versionType": "git"}, {"version": "d8a5883814b9f7c08d7ff291070687d925b4f859", "lessThan": "cd06d32a71fbb198b2d43dddf794badd80ffd25d", "status": "affected", "versionType": "git"}, {"version": "d8a5883814b9f7c08d7ff291070687d925b4f859", "lessThan": "5e15ff29b156bbbdeadae230c8ecd5ecd8ca2477", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/core/sysfs.c"], "versions": [{"version": "5.14", "status": "affected"}, {"version": "0", "lessThan": "5.14", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.86", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.16", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.2", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "5.15.86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.0.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.1.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f981c697b2f9bd5dd2f060e47ff8b5e0a2cd0c06"}, {"url": "https://git.kernel.org/stable/c/ac7a7d7079124f46180714b2d41a1703d37101bb"}, {"url": "https://git.kernel.org/stable/c/cd06d32a71fbb198b2d43dddf794badd80ffd25d"}, {"url": "https://git.kernel.org/stable/c/5e15ff29b156bbbdeadae230c8ecd5ecd8ca2477"}], "title": "RDMA/core: Make sure \"ib_port\" is valid when access sysfs node", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3E497F0-212B-43AB-AFFF-C929EE6B5670", "versionEndExcluding": "5.15.86", "versionStartIncluding": "5.14", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C720A569-3D93-4D77-95F6-E2B3A3267D9F", "versionEndExcluding": "6.0.16", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "77239F4B-6BB2-4B9E-A654-36A52396116C", "versionEndExcluding": "6.1.2", "versionStartIncluding": "6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Make sure \"ib_port\" is valid when access sysfs node\n\nThe \"ib_port\" structure must be set before adding the sysfs kobject,\nand reset after removing it, otherwise it may crash when accessing\nthe sysfs node:\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n Mem abort info:\n ESR = 0x96000006\n Exception class = DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n Data abort info:\n ISV = 0, ISS = 0x00000006\n CM = 0, WnR = 0\n user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000e85f5ba5\n [0000000000000050] pgd=0000000848fd9003, pud=000000085b387003, pmd=0000000000000000\n Internal error: Oops: 96000006 [#2] PREEMPT SMP\n Modules linked in: ib_umad(O) mlx5_ib(O) nfnetlink_cttimeout(E) nfnetlink(E) act_gact(E) cls_flower(E) sch_ingress(E) openvswitch(E) nsh(E) nf_nat_ipv6(E) nf_nat_ipv4(E) nf_conncount(E) nf_nat(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) mst_pciconf(O) ipmi_devintf(E) ipmi_msghandler(E) ipmb_dev_int(OE) mlx5_core(O) mlxfw(O) mlxdevm(O) auxiliary(O) ib_uverbs(O) ib_core(O) mlx_compat(O) psample(E) sbsa_gwdt(E) uio_pdrv_genirq(E) uio(E) mlxbf_pmc(OE) mlxbf_gige(OE) mlxbf_tmfifo(OE) gpio_mlxbf2(OE) pwr_mlxbf(OE) mlx_trio(OE) i2c_mlxbf(OE) mlx_bootctl(OE) bluefield_edac(OE) knem(O) ip_tables(E) ipv6(E) crc_ccitt(E) [last unloaded: mst_pci]\n Process grep (pid: 3372, stack limit = 0x0000000022055c92)\n CPU: 5 PID: 3372 Comm: grep Tainted: G D OE 4.19.161-mlnx.47.gadcd9e3 #1\n Hardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS BlueField:3.9.2-15-ga2403ab Sep 8 2022\n pstate: 40000005 (nZcv daif -PAN -UAO)\n pc : hw_stat_port_show+0x4c/0x80 [ib_core]\n lr : port_attr_show+0x40/0x58 [ib_core]\n sp : ffff000029f43b50\n x29: ffff000029f43b50 x28: 0000000019375000\n x27: ffff8007b821a540 x26: ffff000029f43e30\n x25: 0000000000008000 x24: ffff000000eaa958\n x23: 0000000000001000 x22: ffff8007a4ce3000\n x21: ffff8007baff8000 x20: ffff8007b9066ac0\n x19: ffff8007bae97578 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000\n x15: 0000000000000000 x14: 0000000000000000\n x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000\n x9 : 0000000000000000 x8 : ffff8007a4ce4000\n x7 : 0000000000000000 x6 : 000000000000003f\n x5 : ffff000000e6a280 x4 : ffff8007a4ce3000\n x3 : 0000000000000000 x2 : aaaaaaaaaaaaaaab\n x1 : ffff8007b9066a10 x0 : ffff8007baff8000\n Call trace:\n hw_stat_port_show+0x4c/0x80 [ib_core]\n port_attr_show+0x40/0x58 [ib_core]\n sysfs_kf_seq_show+0x8c/0x150\n kernfs_seq_show+0x44/0x50\n seq_read+0x1b4/0x45c\n kernfs_fop_read+0x148/0x1d8\n __vfs_read+0x58/0x180\n vfs_read+0x94/0x154\n ksys_read+0x68/0xd8\n __arm64_sys_read+0x28/0x34\n el0_svc_common+0x88/0x18c\n el0_svc_handler+0x78/0x94\n el0_svc+0x8/0xe8\n Code: f2955562 aa1603e4 aa1503e0 f9405683 (f9402861)"}], "id": "CVE-2022-50475", "lastModified": "2026-01-23T16:36:59.163", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-10-04T16:15:44.050", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5e15ff29b156bbbdeadae230c8ecd5ecd8ca2477"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ac7a7d7079124f46180714b2d41a1703d37101bb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cd06d32a71fbb198b2d43dddf794badd80ffd25d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f981c697b2f9bd5dd2f060e47ff8b5e0a2cd0c06"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: RDMA/core: Make sure \"ib_port\" is valid when access sysfs node", "id": "2401529", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401529"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nRDMA/core: Make sure \"ib_port\" is valid when access sysfs node\nThe \"ib_port\" structure must be set before adding the sysfs kobject,\nand reset after removing it, otherwise it may crash when accessing\nthe sysfs node:\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000050\nMem abort info:\nESR = 0x96000006\nException class = DABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nData abort info:\nISV = 0, ISS = 0x00000006\nCM = 0, WnR = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp = 00000000e85f5ba5\n[0000000000000050] pgd=0000000848fd9003, pud=000000085b387003, pmd=0000000000000000\nInternal error: Oops: 96000006 [#2] PREEMPT SMP\nModules linked in: ib_umad(O) mlx5_ib(O) nfnetlink_cttimeout(E) nfnetlink(E) act_gact(E) cls_flower(E) sch_ingress(E) openvswitch(E) nsh(E) nf_nat_ipv6(E) nf_nat_ipv4(E) nf_conncount(E) nf_nat(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) mst_pciconf(O) ipmi_devintf(E) ipmi_msghandler(E) ipmb_dev_int(OE) mlx5_core(O) mlxfw(O) mlxdevm(O) auxiliary(O) ib_uverbs(O) ib_core(O) mlx_compat(O) psample(E) sbsa_gwdt(E) uio_pdrv_genirq(E) uio(E) mlxbf_pmc(OE) mlxbf_gige(OE) mlxbf_tmfifo(OE) gpio_mlxbf2(OE) pwr_mlxbf(OE) mlx_trio(OE) i2c_mlxbf(OE) mlx_bootctl(OE) bluefield_edac(OE) knem(O) ip_tables(E) ipv6(E) crc_ccitt(E) [last unloaded: mst_pci]\nProcess grep (pid: 3372, stack limit = 0x0000000022055c92)\nCPU: 5 PID: 3372 Comm: grep Tainted: G D OE 4.19.161-mlnx.47.gadcd9e3 #1\nHardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS BlueField:3.9.2-15-ga2403ab Sep 8 2022\npstate: 40000005 (nZcv daif -PAN -UAO)\npc : hw_stat_port_show+0x4c/0x80 [ib_core]\nlr : port_attr_show+0x40/0x58 [ib_core]\nsp : ffff000029f43b50\nx29: ffff000029f43b50 x28: 0000000019375000\nx27: ffff8007b821a540 x26: ffff000029f43e30\nx25: 0000000000008000 x24: ffff000000eaa958\nx23: 0000000000001000 x22: ffff8007a4ce3000\nx21: ffff8007baff8000 x20: ffff8007b9066ac0\nx19: ffff8007bae97578 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000\nx15: 0000000000000000 x14: 0000000000000000\nx13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000\nx9 : 0000000000000000 x8 : ffff8007a4ce4000\nx7 : 0000000000000000 x6 : 000000000000003f\nx5 : ffff000000e6a280 x4 : ffff8007a4ce3000\nx3 : 0000000000000000 x2 : aaaaaaaaaaaaaaab\nx1 : ffff8007b9066a10 x0 : ffff8007baff8000\nCall trace:\nhw_stat_port_show+0x4c/0x80 [ib_core]\nport_attr_show+0x40/0x58 [ib_core]\nsysfs_kf_seq_show+0x8c/0x150\nkernfs_seq_show+0x44/0x50\nseq_read+0x1b4/0x45c\nkernfs_fop_read+0x148/0x1d8\n__vfs_read+0x58/0x180\nvfs_read+0x94/0x154\nksys_read+0x68/0xd8\n__arm64_sys_read+0x28/0x34\nel0_svc_common+0x88/0x18c\nel0_svc_handler+0x78/0x94\nel0_svc+0x8/0xe8\nCode: f2955562 aa1603e4 aa1503e0 f9405683 (f9402861)"], "name": "CVE-2022-50475", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:rhivos:1", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat In-Vehicle Operating System 1"}], "public_date": "2025-10-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-50475\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50475\nhttps://lore.kernel.org/linux-cve-announce/2025100438-CVE-2022-50475-b3ed@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-10-06T14:41:01.073398+00:00", "updated": "2025-10-06T14:41:01.073472+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}